摘 要:在SDN 架构下,网络控制器的拒绝服务攻击会抢占控制器的资源,引起网络瘫痪。本文分析了SDN 控制器的拒绝服务攻击的特点,介绍了目前比较主流的检测和防护SDN 控制器DoS 攻击的方法,并以OpenDaylight 控制器为例,提出了一种对控制器DoS 攻击进行检测和防护的模型,最后利用ODL 提供的API 对提出的模型进行了编程实现。
关键词:SDN 网络;拒绝服务攻击;OpenDaylight
中图分类号:TP393.08 文献标识码:A 文章编号:2096-4706(2018)12-0184-02
Detecting and Defeating Denial-of-Service Attacks on SDN Controller
LIU Zhigang
(Modern Education Technonoly and Information Center,Nanchang Hangkong University,Nanchang 330063,China)
Abstract:Denial-of-Service(DoS)attacks will run out of the resources of SDN controller,and results in breakdown of thenetwork. This article analysis characters of DoS attacks on SDN Controller,meanwhile some detection and prevention methods are alsointroduced. In this paper,a model of Detecting and Defeating Denial-of-Service attacks on OpenDaylight controller is proposed. Using theAPI of ODL,we realize this model by programming.
Keywords:SDN network;Denial-of-Service attacks ;OpenDaylight
参考文献:
[1] McKeown N.Software-Defined metworking.In:Proc.ofthe INFOCOM Key Note,http://infocom2009.ieee-infocom.org/technicalProgram.htm,2009.
[2] 王蒙蒙,刘建伟,陈杰,等. 软件定义网络:安全模型、机制及研究进展 [J]. 软件学报,2016,27(4):969-992.
[3] Manik Lal Das,Navkar Samdaria. On the security of SSL/TLS-enabled applications [J].Applied Computing and Informatics,2014,10(1-2):68-81.
[4] Hong S,Xu L,Wang H,Gu G. Poisoning network visibilityin software-defined networks:New attacks and countermeasures. In:Proc. of the 2015 Annual Network and Distributed System SecuritySymp.(NDSS 2015). San Diego:Internet Society,2015:1-15.
[5] Wa n g H,X u L G u G . O F -GUARD:A D o S a t t a c kprevention extension in software-defined networks. In:Proc. of thePoster Session of the Open Networking Summit 2014. Santa Clara:USENIX,2014:1-2.
作者简介:刘治纲(1978.05-),男,汉族,江西南昌人,讲师,研究生,研究方向:下一代互联网。